-
Notifications
You must be signed in to change notification settings - Fork 535
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding uri_sans to pki_secret_backend_cert #759
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -56,6 +56,15 @@ func pkiSecretBackendCertResource() *schema.Resource { | |
Type: schema.TypeString, | ||
}, | ||
}, | ||
"uri_sans": { | ||
Type: schema.TypeList, | ||
Optional: true, | ||
Description: "List of alternative URIs.", | ||
ForceNew: true, | ||
Elem: &schema.Schema{ | ||
Type: schema.TypeString, | ||
}, | ||
}, | ||
"other_sans": { | ||
Type: schema.TypeList, | ||
Optional: true, | ||
|
@@ -167,6 +176,12 @@ func pkiSecretBackendCertCreate(d *schema.ResourceData, meta interface{}) error | |
ipSans = append(ipSans, iIpSan.(string)) | ||
} | ||
|
||
iURISans := d.Get("uri_sans").([]interface{}) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Could we simplify this code if we did something more like:
Or is there a downside to that? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hi @tyrannosaurus-becks, |
||
uriSans := make([]string, 0, len(iURISans)) | ||
for _, iUriSan := range iURISans { | ||
uriSans = append(uriSans, iUriSan.(string)) | ||
} | ||
|
||
iOtherSans := d.Get("other_sans").([]interface{}) | ||
otherSans := make([]string, 0, len(iOtherSans)) | ||
for _, iOtherSan := range iOtherSans { | ||
|
@@ -189,6 +204,10 @@ func pkiSecretBackendCertCreate(d *schema.ResourceData, meta interface{}) error | |
data["ip_sans"] = strings.Join(ipSans, ",") | ||
} | ||
|
||
if len(uriSans) > 0 { | ||
data["uri_sans"] = strings.Join(uriSans, ",") | ||
} | ||
|
||
if len(otherSans) > 0 { | ||
data["other_sans"] = strings.Join(otherSans, ",") | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this really
ForceNew
if this field changes?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @tyrannosaurus-becks,
To be quite honest, I lifted most of this code for a similar PR raised against CAs. https://github.com/terraform-providers/terraform-provider-vault/pull/373/files#diff-318e4d5fc8ea223f57928c837b6ea671R60. In that PR, it was set to ForceNew as well. I would think force new matches this matches the intent, as you probably need the uri set in the cert if your are taking the time to set it in the tf.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see any option to update certificates in the API docs so I think
ForceNew: true
is correct here.